CVE-2003-1418

Apache HTTP Server 1.3.22-1.3.27 - Sensitive Information Exposure via ETag Header or MIME Boundary

Title source: llm
STIX 2.1

Description

Apache HTTP Server 1.3.22 through 1.3.27 on OpenBSD allows remote attackers to obtain sensitive information via (1) the ETag header, which reveals the inode number, or (2) multipart MIME boundary, which reveals child process IDs (PID).

References (5)

Core 5
Core References
Various Sources vendor-advisory x_refsource_openbsd
http://www.openbsd.org/errata32.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/6939
Patch vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/6943
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/11438

Scores

EPSS 0.0658
EPSS Percentile 93.0%

Details

CWE
CWE-200
Status published
Products (6)
apache/http_server 1.3.22
apache/http_server 1.3.23
apache/http_server 1.3.24
apache/http_server 1.3.25
apache/http_server 1.3.26
apache/http_server 1.3.27
Published Dec 31, 2003
Tracked Since Feb 18, 2026